Wired Intelligent Edge (Campus Switching and Routing)

Root-Guard / Loop-Guard / Edge-port (portfast) MSFT configuration on s3500

Aruba Employee
Aruba Employee

Configuration Steps- Loop-gaurd:

The loop-guard feature provides additional protection against Layer 2 forwarding loops (spanning-tree loops). A spanning-tree loop is created when a blocking port in a redundant topology erroneously transitions to the forwarding state:
Without loop-guard feature: Once a port that is blocking stops receiving BPDUs, the Spanning-tree protocol conceives that the topology is loop free. It will eventually transition to forwarding. This situation creates a loop.
With loop-guard feature: Ports will assume there has been a unidirectional failure and will continue to block the port (loop-inconsistent) instead of transitioning into forwarding.
Loop-guard pertains to point-to-point links, on non-designated ports.


Loop-guard is configured under MSTP interface-profile:

(ArubaS3500) (config) #interface-profile mstp-profile LOOPGUARD
(ArubaS3500) (Interface MSTP “LOOPGUARD") #loopguard

(ArubaS3500)(config) #interface gigabitethernet 1/0/23
(ArubaS3500)(gigabitethernet "1/0/23") #mstp-profile loopguard

Root-guard :

Root-guard ensures unintended switch does not become a new root bridge.
A new switch being added to existing topology with lowest bridgeID.
Root-guard prevents ports from transitioning to root or alternate port roles 
When superior BPDU is seen on the port with root-guard configured, the port is blocked (root-inconsistent).
Once the port in root-consistent state no longer sees the superior BPDUs, the port will revert back and will start forwarding.
Recovery is automatic.


Root-guard is configured under MSTP interface-profile:

ArubaS3500) (config) #interface-profile mstp-profile ROOTGUARD
(ArubaS3500) (Interface MSTP "ROOTGUARD") #rootguard

Configured profile can then be applied to the interface.

(ArubaS3500)(config) #interface gigabitethernet 1/0/23
(ArubaS3500)(gigabitethernet "1/0/23") #mstp-profile rootguard

Edge-port - "port fast"

Interfaces can be configured as edge-ports to enable the ports to transition to immediately forwarding from blocking.
For interfaces that are not participating in Spanning-tree such as interfaces where end-hosts are connected.


Edge-port is configured under MSTP interface-profile:

(ArubaS3500) (config) #interface-profile mstp-profile EDGEPORTS
(ArubaS3500) (Interface MSTP "EDGEPORTS") #portfast

Configured profile can then be applied to the interface:

ArubaS3500) (config) #interface gigabitethernet 0/0/9
(ArubaS3500) (gigabitethernet "0/0/9") #mstp-profile EDGEPORTS

Spanning-tree feature configuration can be verified by following CLI command:

(ArubaS3500) #show interface-profile mstp-profile EDGEPORTS
Parameter               Value
---------               -----
Instance port cost      N/A
Instance port priority  N/A
Enable point-to-point   Disabled
Enable portfast         Enabled
Enable rootguard        Disabled
Enable loopguard        Disabled


Version history
Revision #:
1 of 1
Last update:
‎04-05-2015 06:14 AM
Updated by:
Labels (1)